Public bug reported:

As seen in the LXC autopkgtest results:
http://autopkgtest.ubuntu.com/packages/lxc

The source of those failures is that pool.sks-keyserver.net isn't allowed from within the autopkgtest environment. For that reason, LXC will switch to the http transport on port 80 when http_proxy is set in the environment.

Under gpgv1, this was causing gpg to grab keys through the specified proxy as required in the autopkgtest environment and in a lot of corporate environments where internet access is only available through proxy.

In gpgv2, it looks like dirmngr just entirely ignores any proxy variable and just attempts to fetch the key directly rather than through the proxy, leading to a failure.

### Xenial
iptables -I OUTPUT -p tcp --dport 80 -j REJECT
ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT

root@xenial:~# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: requesting key 22F6E216 from hkp server p80.pool.sks-keyservers.net
?: p80.pool.sks-keyservers.net: Connection refused
gpgkeys: HTTP fetch error 7: couldn't connect: Connection refused
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: keyserver communications error: keyserver unreachable
gpg: keyserver communications error: public key not found
gpg: keyserver receive failed: public key not found

root@xenial:~# http_proxy=http://sateda.srv.mtl.stgraber.net:3128 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: requesting key 22F6E216 from hkp server p80.pool.sks-keyservers.net
gpg: key 22F6E216: "LXC pre-built images <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

### Yakkety
root@yakkety:~# iptables -I OUTPUT -p tcp --dport 80 -j REJECT
root@yakkety:~# ip6tables -I OUTPUT -p tcp --dport 80 -j REJECT

root@yakkety:~# gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: keyserver receive failed: Connection refused

root@yakkety:~# http_proxy=http://sateda.srv.mtl.stgraber.net:3128 gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 0xBAEFF88C22F6E216
gpg: keyserver receive failed: Connection refused

** Affects: gnupg2 (Ubuntu)
     Importance: Critical
     Assignee: Dimitri John Ledkov (xnox)
         Status: Triaged

** Changed in: gnupg2 (Ubuntu)
     Assignee: (unassigned) => Dimitri John Ledkov (xnox)

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1625848

Title:
  gnupg2 appears to ignore http_proxy, fails to retrieve keys
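One way to make a GnuPG 2.x key fetch follow the proxy, added here as an example that is not part of the bug report or of LXC's code: dirmngr documents an `honor-http-proxy` option that makes it read `http_proxy`, and this sketch enables it in a throwaway GnuPG home. The function names and the idea of a dedicated home directory are assumptions; the report does not say whether this resolves the autopkgtest failure.

```shell
#!/bin/sh
# Added example (not from the bug report): isolated GnuPG home whose
# dirmngr is told to honour the http_proxy environment variable.

# write_dirmngr_proxy_conf DIR
# Create DIR with mode 700 and make sure DIR/dirmngr.conf contains the
# documented dirmngr option "honor-http-proxy" exactly once (idempotent).
write_dirmngr_proxy_conf() {
    home=$1
    conf="$home/dirmngr.conf"
    mkdir -p "$home" || return 1
    chmod 700 "$home" || return 1
    touch "$conf" || return 1
    # -x matches the whole line, so a commented-out copy does not count.
    grep -qx 'honor-http-proxy' "$conf" || echo 'honor-http-proxy' >> "$conf"
}

# fetch_key DIR KEYSERVER KEYID
# Fetch KEYID into the keyring under DIR. The caller sets http_proxy.
fetch_key() {
    home=$1
    keyserver=$2
    keyid=$3
    write_dirmngr_proxy_conf "$home" || return 1
    # A dirmngr that is already running keeps its old configuration,
    # so stop it; gpg starts a fresh one on demand.
    GNUPGHOME="$home" gpgconf --kill dirmngr 2>/dev/null
    GNUPGHOME="$home" gpg --keyserver "$keyserver" --recv-keys "$keyid"
}

# Usage, with the values from the report's transcript:
#   http_proxy=http://sateda.srv.mtl.stgraber.net:3128 \
#     fetch_key /tmp/lxc-gnupg hkp://p80.pool.sks-keyservers.net:80 \
#     0xBAEFF88C22F6E216
```

After an import, compare the full key fingerprint against a trusted copy, since a key fetched over plain HTTP through a proxy is only as trustworthy as that comparison.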
